Sign-Out | API Reference | Descope Documentation

Authorization

Descope Project ID:Refresh JWT

AuthorizationBearer <token>

Project ID:Refresh JWT as bearer token.

In: header

Request Body

application/json

logoutType?array<string>

string

Log the user out from the provided session

This API endpoint will sign the user out of the provided session using the refreshToken. Successfully executing this endpoint will invalidate the provided refresh tokens. Response will also include all user tokens and fields empty, so the executing client will remove cookies as well.

curl -X POST "https://api.descope.com/v1/auth/logout" \
  -H "Content-Type: application/json" \
  -d '{}'

curl -X POST "https://api.descope.com/v1/auth/logout" \  -H "Content-Type: application/json" \  -d '{}'

ResponseOK

{
  "sessionJwt": "string",
  "refreshJwt": "string",
  "cookieDomain": "string",
  "cookiePath": "string",
  "cookieMaxAge": 0,
  "cookieExpiration": 0,
  "user": {
    "loginIds": [
      "string"
    ],
    "userId": "string",
    "name": "string",
    "email": "string",
    "phone": "string",
    "verifiedEmail": true,
    "verifiedPhone": true,
    "roleNames": [
      "string"
    ],
    "userTenants": [
      {
        "tenantId": "string",
        "roleNames": [
          "string"
        ],
        "tenantName": "string",
        "permissions": [
          "string"
        ]
      }
    ],
    "status": "string",
    "externalIds": [
      "string"
    ],
    "picture": "string",
    "test": false,
    "customAttributes": {
      "attribute-key": "attribute-value"
    },
    "createdTime": 0,
    "TOTP": false,
    "SAML": false,
    "OAuth": {
      "property1": false,
      "property2": false
    },
    "webauthn": true,
    "password": true,
    "ssoAppIds": [
      "string"
    ],
    "givenName": "string",
    "middleName": "string",
    "familyName": "string",
    "editable": true,
    "SCIM": true,
    "push": true,
    "permissions": [
      "string"
    ],
    "OIDC": true,
    "consentExpiration": 0
  },
  "firstSeen": true,
  "idpResponse": {
    "samlResponse": "string",
    "samlGeneratedUser": "string",
    "samlGeneratedRoles": "string",
    "oidcResponse": "string",
    "oidcGeneratedUser": "string",
    "oidcGeneratedRoles": "string",
    "idpGroups": [
      "string"
    ],
    "idpSAMLAttributes": false,
    "idpOIDCClaims": {}
  },
  "sessionExpiration": 0,
  "externalToken": "string",
  "claims": {},
  "tenantSSOID": "string",
  "trustedDeviceJwt": "string",
  "nextRefreshSeconds": 0,
  "cookieName": "string",
  "sessionCookieName": "string",
  "sessionCookieDomain": "string"
}

{  "sessionJwt": "string",  "refreshJwt": "string",  "cookieDomain": "string",  "cookiePath": "string",  "cookieMaxAge": 0,  "cookieExpiration": 0,  "user": {    "loginIds": [      "string"    ],    "userId": "string",    "name": "string",    "email": "string",    "phone": "string",    "verifiedEmail": true,    "verifiedPhone": true,    "roleNames": [      "string"    ],    "userTenants": [      {        "tenantId": "string",        "roleNames": [          "string"        ],        "tenantName": "string",        "permissions": [          "string"        ]      }    ],    "status": "string",    "externalIds": [      "string"    ],    "picture": "string",    "test": false,    "customAttributes": {      "attribute-key": "attribute-value"    },    "createdTime": 0,    "TOTP": false,    "SAML": false,    "OAuth": {      "property1": false,      "property2": false    },    "webauthn": true,    "password": true,    "ssoAppIds": [      "string"    ],    "givenName": "string",    "middleName": "string",    "familyName": "string",    "editable": true,    "SCIM": true,    "push": true,    "permissions": [      "string"    ],    "OIDC": true,    "consentExpiration": 0  },  "firstSeen": true,  "idpResponse": {    "samlResponse": "string",    "samlGeneratedUser": "string",    "samlGeneratedRoles": "string",    "oidcResponse": "string",    "oidcGeneratedUser": "string",    "oidcGeneratedRoles": "string",    "idpGroups": [      "string"    ],    "idpSAMLAttributes": false,    "idpOIDCClaims": {}  },  "sessionExpiration": 0,  "externalToken": "string",  "claims": {},  "tenantSSOID": "string",  "trustedDeviceJwt": "string",  "nextRefreshSeconds": 0,  "cookieName": "string",  "sessionCookieName": "string",  "sessionCookieDomain": "string"}

TypeScript

/**
 * NOTE: if you add a new field to this message, also add it to the OptionalJWTResponse message
 */
export interface Response {
sessionJwt?: string
refreshJwt?: string
cookieDomain?: string
cookiePath?: string
cookieMaxAge?: number
cookieExpiration?: number
user?: {
loginIds?: string[]
userId?: string
name?: string
email?: string
phone?: string
verifiedEmail?: boolean
verifiedPhone?: boolean
roleNames?: string[]
userTenants?: UserTenants[]
status?: string
externalIds?: string[]
picture?: string
test?: boolean
/**
 * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays.
 */
customAttributes?: {
[k: string]: string
}
createdTime?: number
TOTP?: boolean
SAML?: boolean
OAuth?: {
[k: string]: boolean
}
webauthn?: boolean
password?: boolean
ssoAppIds?: string[]
givenName?: string
middleName?: string
familyName?: string
editable?: boolean
SCIM?: boolean
push?: boolean
permissions?: string[]
OIDC?: boolean
consentExpiration?: number
}
firstSeen?: boolean
idpResponse?: IDPResponse
sessionExpiration?: number
externalToken?: string
claims?: {

}
tenantSSOID?: string
trustedDeviceJwt?: string
nextRefreshSeconds?: number
cookieName?: string
sessionCookieName?: string
sessionCookieDomain?: string
}
export interface UserTenants {
tenantId?: string
roleNames?: string[]
tenantName?: string
permissions?: string[]
}
export interface IDPResponse {
samlResponse?: string
samlGeneratedUser?: string
samlGeneratedRoles?: string
oidcResponse?: string
oidcGeneratedUser?: string
oidcGeneratedRoles?: string
idpGroups?: string[]
idpSAMLAttributes?: boolean
idpOIDCClaims?: {

}
}

/** * NOTE: if you add a new field to this message, also add it to the OptionalJWTResponse message */export interface Response {sessionJwt?: stringrefreshJwt?: stringcookieDomain?: stringcookiePath?: stringcookieMaxAge?: numbercookieExpiration?: numberuser?: {loginIds?: string[]userId?: stringname?: stringemail?: stringphone?: stringverifiedEmail?: booleanverifiedPhone?: booleanroleNames?: string[]userTenants?: UserTenants[]status?: stringexternalIds?: string[]picture?: stringtest?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}createdTime?: numberTOTP?: booleanSAML?: booleanOAuth?: {[k: string]: boolean}webauthn?: booleanpassword?: booleanssoAppIds?: string[]givenName?: stringmiddleName?: stringfamilyName?: stringeditable?: booleanSCIM?: booleanpush?: booleanpermissions?: string[]OIDC?: booleanconsentExpiration?: number}firstSeen?: booleanidpResponse?: IDPResponsesessionExpiration?: numberexternalToken?: stringclaims?: {}tenantSSOID?: stringtrustedDeviceJwt?: stringnextRefreshSeconds?: numbercookieName?: stringsessionCookieName?: stringsessionCookieDomain?: string}export interface UserTenants {tenantId?: stringroleNames?: string[]tenantName?: stringpermissions?: string[]}export interface IDPResponse {samlResponse?: stringsamlGeneratedUser?: stringsamlGeneratedRoles?: stringoidcResponse?: stringoidcGeneratedUser?: stringoidcGeneratedRoles?: stringidpGroups?: string[]idpSAMLAttributes?: booleanidpOIDCClaims?: {}}

Was this helpful?